WIP password -> passwordFile

2024-06-24 20:31:49 +02:00
parent 5ea5fa2f15
commit 2ddc2856f9
2 changed files with 34 additions and 17 deletions


@@ -1,6 +1,7 @@
{ config, lib, options, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib;
let let
cfg = config.services.ep3-bs; cfg = config.services.ep3-bs;
@@ -40,7 +41,7 @@ let
'db' => array( 'db' => array(
'database' => '${cfg.database.name}', 'database' => '${cfg.database.name}',
'username' => '${cfg.database.user}', 'username' => '${cfg.database.user}',
'password' => '${cfg.database.password}', 'password' => '%%PASSWORD_DB%%',
'hostname' => 'localhost', 'hostname' => 'localhost',
'port' => null, 'port' => null,
@@ -52,7 +53,7 @@ let
'host' => '${cfg.mail.host}', // for 'smtp' type only, otherwise remove or leave as is 'host' => '${cfg.mail.host}', // for 'smtp' type only, otherwise remove or leave as is
'user' => '${cfg.mail.user}', // for 'smtp' type only, otherwise remove or leave as is 'user' => '${cfg.mail.user}', // for 'smtp' type only, otherwise remove or leave as is
'pw' => '${cfg.mail.password}', // for 'smtp' type only, otherwise remove or leave as is 'pw' => '%%PASSWORD_MAIL%%', // for 'smtp' type only, otherwise remove or leave as is
'port' => '${cfg.mail.port}', // for 'smtp' type only, otherwise remove or leave as is 'port' => '${cfg.mail.port}', // for 'smtp' type only, otherwise remove or leave as is
'auth' => '${cfg.mail.auth}', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication 'auth' => '${cfg.mail.auth}', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication
@@ -100,8 +101,13 @@ let
${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs ${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs
cp ${cfg.favicon} ${cfg.stateDir}/public/imgs-client/icons/fav.ico cp ${cfg.favicon} ${cfg.stateDir}/public/imgs-client/icons/fav.ico
cp ${cfg.logo} ${cfg.stateDir}/public/imgs-client/layout/logo.png cp ${cfg.logo} ${cfg.stateDir}/public/imgs-client/layout/logo.png
cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php
sed -i s/%%PASSWORD_DB%%/$(cat ${cfg.database.passwordFile})/ ${cfg.stateDir}/config/autoload/local.php
sed -i s/%%PASSWORD_MAIL%%/$(cat ${cfg.mail.passwordFile})/ ${cfg.stateDir}/config/autoload/local.php
if "${if cfg.in_production == true then "true" else "false"}" if "${if cfg.in_production == true then "true" else "false"}"
then then
rm ${cfg.stateDir}/public/setup.php rm ${cfg.stateDir}/public/setup.php
@@ -225,6 +231,16 @@ in
default = "?"; default = "?";
}; };
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/mail-passwd";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
port = mkOption { port = mkOption {
type = types.str; type = types.str;
default = "auto"; default = "auto";
@@ -258,15 +274,15 @@ in
description = lib.mdDoc "Database user."; description = lib.mdDoc "Database user.";
}; };
password = mkOption { #password = mkOption {
type = types.str; # type = types.str;
default = ""; # default = "";
description = lib.mdDoc '' # description = lib.mdDoc ''
The password corresponding to {option}`database.user`. # The password corresponding to {option}`database.user`.
Warning: this is stored in cleartext in the Nix store! # Warning: this is stored in cleartext in the Nix store!
Use {option}`database.passwordFile` instead. # Use {option}`database.passwordFile` instead.
''; # '';
}; #};
passwordFile = mkOption { passwordFile = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
@@ -356,9 +372,9 @@ in
package = mkDefault pkgs.mariadb; package = mkDefault pkgs.mariadb;
initialScript = pkgs.writeText "mysqlInitScript" '' initialScript = pkgs.writeText "mysqlInitScript" ''
CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}'; CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY 'PW FOO';
CREATE DATABASE ${cfg.database.name}; CREATE DATABASE ${cfg.database.name};
GRANT ALL PRIVILEGES ON *.* TO '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}'; GRANT ALL PRIVILEGES ON *.* TO '${cfg.database.user}'@localhost IDENTIFIED BY 'PW FOO';
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
''; '';
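Review bot: The two new `sed -i s/%%PASSWORD_DB%%/$(cat ${cfg.database.passwordFile})/ …` lines in the preStart hunk splice the secret into an unquoted shell word and into a sed replacement, so a password containing whitespace, `/`, `&` or `\` either breaks the script or is written into local.php mangled, and the cleartext value sits in sed's argument list while it runs. Both `passwordFile` options are `types.nullOr types.path` with `default = null`, so with the defaults the interpolation fails at Nix evaluation time rather than with a useful message; an assertion, or wrapping each line in `lib.optionalString (cfg.database.passwordFile != null)`, would cover that. A literal file-based substitution such as `${pkgs.replace-secret}/bin/replace-secret '%%PASSWORD_DB%%' ${cfg.database.passwordFile} ${cfg.stateDir}/config/autoload/local.php` avoids both the quoting and the exposure problems. Separately, the mysql initialScript hunk now creates the user with the placeholder `IDENTIFIED BY 'PW FOO'`, which the application config no longer matches, and the newly added `passwordFile` option in the @@ -225 hunk (its example path suggests it is the mail one) has a description that still refers to `database.user`. The preStart script and the options block both continue outside these hunks.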


@@ -23,14 +23,15 @@
services.ep3-bs.enable = true; services.ep3-bs.enable = true;
services.ep3-bs.mail.address = "test@test.de"; services.ep3-bs.mail.address = "test@test.de";
services.ep3-bs.database.user = "testuser3"; services.ep3-bs.database.user = "testuser3";
services.ep3-bs.database.password = "testPassword1234"; services.ep3-bs.database.passwordFile = "/var/lib/db.txt";
services.ep3-bs.mail.passwordFile = "/var/lib/mail.txt";
users.users.test = { users.users.test = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
initialPassword = "test"; initialPassword = "test";
}; };
virtualisation.vmVariant.virtualisation.graphics = true; virtualisation.vmVariant.virtualisation.graphics = false;
} }
]; ];
}; };
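Review bot: The test now points `services.ep3-bs.database.passwordFile` and `services.ep3-bs.mail.passwordFile` at `/var/lib/db.txt` and `/var/lib/mail.txt`, but nothing in this hunk creates those files, so unless the rest of the test does, the preStart `cat` of a missing file leaves an empty password in local.php and the test no longer exercises authentication. Writing the fixtures from the test itself, for example via `environment.etc` or a `systemd.tmpfiles.rules` entry with a known test value, would keep it meaningful. The `virtualisation.vmVariant.virtualisation.graphics` flip from `true` to `false` on the last changed line is unrelated to the password change and would be clearer in its own commit. The enclosing test module appears to end here, but its opening is outside the hunk.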